NC_Net. EventLog. Receiving error codes. Could I receive more info from the EventLog?

Florencio Cano florencio.cano at gmail.com
Fri Oct 5 11:17:01 CEST 2007


Thanks. You gave me some valuable points to continue my work. I was not
using the last version of NC_Net. I will try EVENTLOG_NEW and I will
try to implement any of the solutions that you have commented. I will
post any result I get.

2007/10/4, Anthony Montibello <amontibello at gmail.com>:

> WMI should solve this problem for you.
>
> First off, make sure you're using the current version of NC_Net 4.1a and you
> would have access to a more optimized event log check called "eventlog_new".
>
> The output is the same, thus it does not give what you are looking for
> (but it may be more optimized than the WMI; you would need to test this). If
> it is a quicker test, I recommend using it and setting up event handlers or
> manually running check_nt using WMI to get the file name. Note this assumes
> that you normally do not get an alert, so you would want the checking to
> induce the least load.
>
> If you know the names of the files you can set up separate checks using the
> REGEXP of the EVENTLOG_NEW and this would serve as a workaround.
>
> If you're looking for the files being modified, FILEAGE may be a good
> workaround.
>
> You should be able to set up an event handler that takes the EVENTID reported
> by the EVENTLOG check and runs a WMICAT, to query the WMI (Windows Management
> interface) for the Event Log Message.
> CLASS - CIMV2 Win32_NTLogEvent - has the events and the messages in it.
> Writing a query to it may be tricky, but if you need the file name from the
> Message field this is the way to get it without writing new scripts or
> paying for upgrades.
>
> Or just run WMI checks directly and use wrapper scripts to interpret the
> results.
> Please note on this: if a query has no match there may be a NO OUTPUT error.

-- 
Florencio Cano Gabarda
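
The wrapper-script approach suggested in the quoted reply, as an added example that is not part of the original thread and is not NC_Net code: it queries `Win32_NTLogEvent` for the Message text of a given event ID and always prints a status line, so an empty result does not surface as a no-output error. The parameter names, the `Application` default and the 15-minute window are assumptions, and it uses PowerShell's `Get-CimInstance` rather than NC_Net's WMICAT.

```powershell
# Added example: Nagios-style wrapper around a WMI query on Win32_NTLogEvent.
# Parameter names, default log and time window are assumptions, not values from the thread.
param(
    [Parameter(Mandatory)][int]$EventId,
    [ValidatePattern('^[A-Za-z0-9 _-]+$')][string]$LogName = 'Application',
    [ValidateRange(1, 1440)][int]$Minutes = 15
)

# DMTF timestamp in UTC, so the filtering happens inside WMI and the check stays light.
$since  = (Get-Date).ToUniversalTime().AddMinutes(-$Minutes).ToString('yyyyMMddHHmmss.ffffff') + '+000'
$filter = "Logfile='$LogName' AND EventCode=$EventId AND TimeGenerated>='$since'"

try {
    $events = @(Get-CimInstance -ClassName Win32_NTLogEvent -Filter $filter -ErrorAction Stop)
} catch {
    Write-Output "UNKNOWN: WMI query failed: $($_.Exception.Message)"
    exit 3
}

# No match is the normal case: still print one line so the check never returns empty output.
if ($events.Count -eq 0) {
    Write-Output "OK: no event $EventId in $LogName in the last $Minutes minutes"
    exit 0
}

# Report the newest matching event with its Message field flattened to a single line.
$latest = $events | Sort-Object TimeGenerated -Descending | Select-Object -First 1
$msg = (([string]$latest.Message) -replace '\s+', ' ').Trim()
if ($msg.Length -gt 200) { $msg = $msg.Substring(0, 200) }
$msg = $msg -replace '\|', '/'   # '|' would start performance data in plugin output

Write-Output "CRITICAL: $($events.Count) x event $EventId in $LogName; latest: $msg"
exit 2
```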
